McAfee launches certification for SaaS providers
- 21 March, 2010 23:00
McAfee has launched a new security certification program for Software-as-a-Service providers. Cloud Secure will be provided entirely through the cloud and charged per connected device.
The vendor's vice-president, Michael Sentonas, said the security certification scheme would help convince prospective SaaS customers their data would be secure. Any provider can have its service checked for vulnerabilities.
“One of the biggest questions I get from a lot of companies is ‘if we’re going to start looking at SaaS-based technologies, how do we know if any of them are safe?” Sentonas said. “One of the biggest inhibitors to SaaS technologies in Asia-Pacific has been security. It is the reason why people don’t adopt this technology.”
Companies can achieve certifications in SAS70 and ISO27001 standards, which are audited annually. They will also need to perform daily vulnerability checks using McAfee’s service over the cloud.
“The combination of the two is what we believe will give SaaS providers the confidence to market to customers that their infrastructure is secure,” Sentonas said.
No special hardware or software is required, with the scan taking between 30 minutes to up to two hours, depending on the number of threats being scanned for and the device’s hardware. The system will need to be connected online for the duration of the scan and a report detailing any vulnerabilities will be sent to the client.
“Customers can schedule it and it is fully configurable,” he said.
Sentonas dismissed concerns that other competing software vendors, such as Symantec, would not want to be certified by McAfee.
“There are so many different SaaS-based providers. Some of them provide technology that has nothing to do with security, others provide technology that comes with it,” he said. “While at face value you think they’re competitors, there is a lot of synergy that can come from working together.
“There hasn’t been a security standard in place where people can assess their network and then aggressively market to their users that they’ve gone through this testing.”